Deploying SL1 Appliances in Amazon Web Services


This section describes how to install SL1 on an Amazon Web Services EC2 instance. An instance is a virtual server that resides in the AWS cloud.

Use the following menu options to navigate the SL1 user interface:

  • To view a pop-out list of menu options, click the menu icon.
  • To view a page containing all of the menu options, click the Advanced menu icon.

For more information about monitoring Amazon Web Services in SL1, see the section on Monitoring Amazon Web Services.

AWS Instance Specifications

For details about AWS and the requirements and specifications for each SL1 appliance, see the ScienceLogic Support Site: https://support.sciencelogic.com/s/system-requirements?tabset-e65a2=f5872.

Deploying an SL1 System on AWS

For ease of configuration, create nodes or appliances in this order:

  1. Database Server
  2. Administration Portal (if applicable)
  3. Data Collectors
  4. Message Collectors (if applicable)

NOTE: The following instructions describe how to configure a ScienceLogic virtual machine in AWS. If you are looking for resources and support for AWS Cloud, see the Amazon AWS Marketplace: https://aws.amazon.com/marketplace/.

What are the ScienceLogic AMIs?

An instance is a virtual server that resides in the AWS cloud. An Amazon Machine Image (AMI) is the collection of files and information that AWS uses to create an instance. A single AMI can launch multiple instances.

For details on AMIs, see http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html.

The ScienceLogic AMIs are defined by ScienceLogic. ScienceLogic has created an AMI for each type of ScienceLogic appliance. You can use a ScienceLogic AMI to create Elastic Compute Cloud (EC2) instances for each type of ScienceLogic appliance.

NOTE: Elastic Compute Cloud (EC2) instances are virtual servers that come in a variety of configurations and can be easily changed as your computing needs change. For more information on EC2, see http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/concepts.html.

The ScienceLogic AMIs are private and are for ScienceLogic customers only. After you collect specific information about your AWS account, you can send a request (and the collected information) to ScienceLogic, and ScienceLogic will share the ScienceLogic AMIs with you.

NOTE: As of 8.10.0 and later releases, ScienceLogic AMIs support Enhanced Network Adapters (ENAs).

Getting the ScienceLogic AMI

To get access to the ScienceLogic AMIs:

  1. Log in to the ScienceLogic Support Site.
  2. Go to the Product Downloads menu and select License Request. The Request a ScienceLogic License page appears.

    If you are an Amazon Web Service GovCloud user, you will need to contact ScienceLogic Support to get the ScienceLogic AMI.

  3. Scroll down to the AMI Request section and click the Submit AMI Request button. The Request Amazon AMI page appears.
  4. Fill out the Request Amazon AMI form and click the Submit AMI Request button.
  5. Repeat steps 2-4 for each type of SL1 appliance you want to install on AWS.
  6. ScienceLogic Customer Support will send you an email confirming that they have shared the ScienceLogic AMI with your AWS account.
  7. To view the ScienceLogic AMIs in your AWS account, go to the AWS Management Console page. Under the heading Compute, click EC2.
  8. In the EC2 Dashboard page, go to the left navigation bar. Under the heading Images, click AMIs.
  9. In the main pane, under Filters, click Owned by me and then select Private images.
  10. You should see AMIs with names that begin with "EM7" and end with the current release number for SL1. You should see an AMI for each type of SL1 appliance.
  11. If you do not see AMIs with names that begin with "EM7", your EC2 Dashboard might have a default region that does not match the region for the ScienceLogic AMIs. To change the current region in the EC2 dashboard, click the region pull-down in the upper right and choose another region. Do this until you find the ScienceLogic AMIs.

A region is a geographic location. AWS has data centers that include multiple regions. You can specify that an instance reside in a specific region. For more details on regions, see http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html.

Launching the New Instance

To complete the steps listed in this section, you must have received the ScienceLogic AMIs.

This section assumes that you will launch each new EC2 instance into a VPC subnet with a primary IP address that is static and private.

NOTE: For more information on VPCs and VPC subnets, see http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Introduction.html.

For details about the recommended instance type for each ScienceLogic appliance, see the System Requirements page on the ScienceLogic Support Site.

You can use multiple AWS instances to create a distributed SL1 System. For each instance, you must specify the correct instance type, storage size, and security rules. All these parameters are described in this section.

To launch the new EC2 instance from the ScienceLogic AMI:

  1. Go to the EC2 Dashboard.
  2. Select the ScienceLogic AMI that matches the ScienceLogic appliance you want to create. Click the Launch button.
  3. In the Choose Instance Type page, choose the instance type recommended for the AMI. Choose the size and type that fulfill your needs.

NOTE: For details about the recommended instance type for each ScienceLogic appliance, see the ScienceLogic Support Site: https://support.sciencelogic.com/s/system-requirements?tabset-e65a2=f5872

  4. Click the Next: Configure Instance Details button.
  5. In the Configure Instance Details page, define the following:
  • Number of Instances. Enter "1".
  • Request Spot Instances. Do not select.
  • Network. For VPC-enabled accounts, specify the network where the instance will reside. If you are unsure of the network, accept the default.
  • Subnet. For VPC-enabled accounts, specify the subnet where the instance will reside. If you are unsure of the subnet, accept the default.
  • Auto-assign Public IP. If you select Enable, AWS will assign an IP address from the public pool to this instance. If you select Disable, you must assign an Elastic IP Address (EIP) to the instance.

NOTE: If you select Enable in the Auto-assign Public IP field, the IP address will change each time the instance is stopped or terminated. For All-In-One Appliances and for Administration Portals, you might want to use an Elastic IP address (EIP), which is a persistent IP address. See the section on Elastic IP Addresses (EIP) for details.

NOTE: For more information on Elastic IP Addresses, see http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html.

  • IAM role. If your organization uses IAM roles, select the appropriate role.
  • Shutdown behavior. Select Stop.
  • Enable termination protection. Selecting this checkbox is not required. Configure this checkbox according to your organization's procedures.
  • Monitoring. Do not select this checkbox.
  • EBS-optimized instance. Do not select this checkbox.
  • Tenancy. Select Shared tenancy (multi-tenant hardware).
  • Metadata version. Selecting options in this drop-down menu will enable metadata.
    • V1 and V2 (required)
    • V2 only. This version is not supported by SL1.
  6. Click the Next: Add Storage button.
  7. In the Add Storage page, select the checkbox in the Delete on Termination column.
  8. In the Add Storage page, increase the size of the /dev/sda1 partition as follows:

| SL1 Appliance Type | | Device | Size in GB |
|---|---|---|---|
| Administration Portal | Instance Store | /dev/sda1 | 85 |
| Message Collector without ScienceLogic Agent | Instance Store | /dev/sda1 | 85 |
| Message Collector with ScienceLogic Agent | Instance Store | /dev/sda1 | 85 |
| Database Server | EBS | /dev/sda1 | 105 |
| All-In-One Appliance | EBS NVMe SSD | /dev/sda1 | 105 |
| Data Collector | Instance Store | /dev/sda1 | 85 |

NOTE: The /dev/sda1 partition will contain the database.

  9. Click the Next: Tag Instance button.
  10. In the Tag Instance page, assign a descriptive tag to this instance. For example, you could enter "Name" in the Key field and "ScienceLogic AIO" in the Value field. This is optional.

NOTE: For more information on tags, see http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html.

  11. Click the Next: Configure Security Group button.
  12. A security group is a reusable set of firewall rules. In the Configure Security Group page, do the following:
  • Assign a security group. Select Create a new security group.
  • Security group name. Enter a name or accept the default name.
  • Description. Accept the default value in this field.
  13. Use the tables in the Security Rules for Each Appliance Type section to create security rules for each type of SL1 appliance. After completing each row, click the Add Rule button.
  14. Click the Review and Launch button and review the details of the new instance. Fix any problems to meet the requirements of your organization.
  15. Click the Launch button.
  16. Amazon EC2 instances use public-key cryptography for authentication.
  • Select create a new key pair now.
  • Key pair name. Enter a name for the private key.
  • Download Key Pair. AWS will store the public key on its servers and automatically download the file that contains the private key to your browser. The private key is stored in a file that ends in .pem. You will need this file again when you configure SSH access to your AWS instances.

NOTE: Do not select an existing key unless you have previously downloaded and saved the key. You cannot retrieve an existing key a second time.

  17. Click the Launch Instances button.
  18. The Launch Status page displays the status of the new instance.
  19. While the Launch runs in the background, go to the Instances page and provide a value in the Name field.
  20. When the instance launch has completed, click the View Instances button to see your new instance.
  21. For all nodes, continue to the steps listed in Additional Configuration Steps.

Security Rules for Each Appliance Type

All-In-One Appliance

Inbound

| Type | Protocol | Port Range | Source | Description |
|---|---|---|---|---|
| SSH (edit the default SSH rule) | TCP | 22 | If you will always log in from a single IP address, select My IP. If you will log in to the instance from multiple IP addresses, enter those IP addresses, separated by commas, in this field. Configure this list according to your requirements, your AWS configuration, and your security rules. | SSH. For SSH sessions from the user workstation to the appliance. This is necessary to start the installation wizard. |
| HTTP | TCP | 80 | If you will always log in from a single IP address, select My IP. If you will log in to the instance from multiple IP addresses, enter those IP addresses, separated by commas, in this field. Configure this list according to your requirements, your AWS configuration, and your security rules. | HTTP from browser session on user workstation. |
| HTTPS | TCP | 443 | If you will always log in from a single IP address, select My IP. If you will log in to the instance from multiple IP addresses, enter those IP addresses, separated by commas, in this field. Configure this list according to your requirements, your AWS configuration, and your security rules. | HTTPS from browser session on user workstation. |
| Custom TCP Rule | TCP | 7700 | If you will always log in from a single IP address, select My IP. If you will log in to the instance from multiple IP addresses, enter those IP addresses, separated by commas, in this field. Configure this list according to your requirements, your AWS configuration, and your security rules. | ScienceLogic Web Configurator. Configuration Utility from browser session on user workstation. This is necessary to license the appliance. |
| Custom UDP Rule | UDP | 162 | Specify a list of IP addresses for all managed devices from which you want to receive SNMP traps. Configure this list according to your requirements, your AWS configuration, and your security rules. | SNMP Traps. Necessary to receive SNMP traps from managed devices. |
| Custom UDP Rule | UDP | 514 | Specify a list of IP addresses for all managed devices from which you want to receive Syslog messages. Configure this list according to your requirements, your AWS configuration, and your security rules. | Syslog messages. Necessary to receive syslog messages from managed devices. |
| SMTP | TCP | 25 | Specify a list of IP addresses for all managed devices from which you want to receive email messages. Configure this list according to your requirements, your AWS configuration, and your security rules. | Necessary to receive inbound email for tickets, events, and email round-trip monitoring. |
| Custom TCP Rule | TCP | 123 | Enter the IP address of the NTP server. Configure this list according to your requirements, your AWS configuration, and your security rules. | NTP. Communication between the All-In-One Appliance and configured NTP server. |

Database Server

Inbound

| Type | Protocol | Port Range | Source | Description |
|---|---|---|---|---|
| SSH (edit the default SSH rule) | TCP | 22 | If you will always log in from a single IP address, select My IP. If you will log in to the instance from multiple IP addresses, enter those IP addresses, separated by commas, in this field. Configure this list according to your requirements, your AWS configuration, and your security rules. | SSH. For SSH sessions from user workstation to the appliance. This is necessary to start the installation wizard. |
| SMTP | TCP | 25 | Specify a list of IP addresses for all managed devices from which you want to receive email messages. Configure this list according to your requirements, your AWS configuration, and your security rules. | Necessary to receive inbound email for tickets, events, and email round-trip monitoring. |
| HTTP. NOTE: Required only if you are using the Administration Portal on the Database | TCP | 80 | If you will always log in from a single IP address, select My IP. If you will log in to the instance from multiple IP addresses, enter those IP addresses, separated by commas, in this field. Configure this list according to your requirements, your AWS configuration, and your security rules. | HTTP from browser session on user workstation. |
| Custom TCP Rule | TCP | 123 | Enter the IP address of the NTP server. Configure this list according to your requirements, your AWS configuration, and your security rules. | NTP. Communication between the Database Server and configured NTP server. |
| Custom UDP Rule | UDP | 161 | Specify an IP address for each Data Collector that you will allow to collect SNMP information about the Database Server. Configure this list according to your requirements, your AWS configuration, and your security rules. | SNMP Agent. Allows SNMP information about the Database Server to be collected by SL1. |
| HTTPS. NOTE: Required only if you are using the Administration Portal on the Database | TCP | 443 | If you will always log in from a single IP address, select My IP. If you will log in to the instance from multiple IP addresses, enter those IP addresses, separated by commas, in this field. Configure this list according to your requirements, your AWS configuration, and your security rules. | HTTPS from browser session on user workstation. |
| Custom TCP Rule | TCP | 7700 | If you will always log in from a single IP address, select My IP. If you will log in to the instance from multiple IP addresses, enter those IP addresses, separated by commas, in this field. Configure this list according to your requirements, your AWS configuration, and your security rules. | ScienceLogic Web Configurator. Configuration Utility from browser session on user workstation. This is necessary to license the appliance. |
| Custom TCP Rule | TCP | 7706 | Specify an IP address for each Data Collector that you will allow to collect SNMP information about the Database Server. Configure this list according to your requirements, your AWS configuration, and your security rules. | MySQL. Communication from Administration Portal. |
| Custom TCP Rule | TCP | 8008 | If you will always log in from a single IP address, select My IP. If you will log in to the instance from multiple IP addresses, enter those IP addresses, separated by commas, in this field. Configure this list according to your requirements, your AWS configuration, and your security rules. | Administrative Web Interface (PHPMyAdmin) from browser session on user workstation. |

Administration Portal

Inbound

| Type | Protocol | Port Range | Source | Description |
|---|---|---|---|---|
| SSH (edit the default SSH rule) | TCP | 22 | If you will always log in from a single IP address, select My IP. If you will log in to the instance from multiple IP addresses, enter those IP addresses, separated by commas, in this field. Configure this list according to your requirements, your AWS configuration, and your security rules. | SSH. For SSH sessions from user workstation to the appliance. This is necessary to start the installation wizard. |
| HTTP | TCP | 80 | If you will always log in from a single IP address, select My IP. If you will log in to the instance from multiple IP addresses, enter those IP addresses, separated by commas, in this field. Configure this list according to your requirements, your AWS configuration, and your security rules. | HTTP from browser session on user workstation. |
| HTTPS | TCP | 443 | If you will always log in from a single IP address, select My IP. If you will log in to the instance from multiple IP addresses, enter those IP addresses, separated by commas, in this field. Configure this list according to your requirements, your AWS configuration, and your security rules. | HTTPS from browser session on user workstation. |
| Custom TCP Rule | TCP | 123 | Enter the IP address of the NTP server. Configure this list according to your requirements, your AWS configuration, and your security rules. | NTP. Communication between the Administration Portal and configured NTP server. |
| Custom TCP Rule | TCP | 7700 | If you will always log in from a single IP address, select My IP. If you will log in to the instance from multiple IP addresses, enter those IP addresses, separated by commas, in this field. Configure this list according to your requirements, your AWS configuration, and your security rules. | ScienceLogic Web Configurator. Configuration Utility from browser session on user workstation. This is necessary to license the appliance. |
| Custom UDP Rule | UDP | 161 | Specify an IP address for each Data Collector that you will allow to collect SNMP information about the Administration Portal. Configure this list according to your requirements, your AWS configuration, and your security rules. | SNMP Agent. Allows SNMP information about the Administration Portal to be collected by SL1. |

Data Collector

Inbound

| Type | Protocol | Port Range | Source | Description |
|---|---|---|---|---|
| SSH (edit the default SSH rule) | TCP | 22 | If you will always log in from a single IP address, select My IP. If you will log in to the instance from multiple IP addresses, enter those IP addresses, separated by commas, in this field. Configure this list according to your requirements, your AWS configuration, and your security rules. | SSH. For SSH sessions from user workstation to the appliance. This is necessary to start the installation wizard. |
| Custom TCP Rule | TCP | 123 | Enter the IP address of the NTP server. Configure this list according to your requirements, your AWS configuration, and your security rules. | NTP. Communication between the Data Collector and configured NTP server. |
| Custom UDP Rule | UDP | 161 | Specify an IP address for each Data Collector that you will allow to collect SNMP information about this Data Collector. Configure this list according to your requirements, your AWS configuration, and your security rules. | SNMP Agent. Allows SNMP information about the Data Collector to be collected by SL1. |
| Custom UDP Rule | UDP | 162 | Specify a list of IP addresses for all managed devices from which you want to receive SNMP traps. Configure this list according to your requirements, your AWS configuration, and your security rules. | SNMP Traps. Necessary to receive SNMP traps from managed devices. |
| Custom UDP Rule | UDP | 514 | Specify a list of IP addresses for all managed devices from which you want to receive Syslog messages. Configure this list according to your requirements, your AWS configuration, and your security rules. | Syslog messages. Necessary to receive syslog messages from managed devices. |
| Custom TCP Rule | TCP | 7700 | If you will always log in from a single IP address, select My IP. If you will log in to the instance from multiple IP addresses, enter those IP addresses, separated by commas, in this field. Configure this list according to your requirements, your AWS configuration, and your security rules. | ScienceLogic Web Configurator. Configuration Utility from browser session on user workstation. This is necessary to license the appliance. |
| Custom TCP Rule | TCP | 7707 | Specify the IP address of the Database Server that you want to retrieve data from the Data Collector. Configure this list according to your requirements, your AWS configuration, and your security rules. | Data Pull. Allows the Database Server to retrieve data from the Data Collector. |

Message Collector

Inbound

| Type | Protocol | Port Range | Source | Description |
|---|---|---|---|---|
| SSH (edit the default SSH rule) | TCP | 22 | If you will always log in from a single IP address, select My IP. If you will log in to the instance from multiple IP addresses, enter those IP addresses, separated by commas, in this field. Configure this list according to your requirements, your AWS configuration, and your security rules. | SSH. For SSH sessions from user workstation to the appliance. This is necessary to start the installation wizard. |
| Custom TCP Rule | TCP | 123 | Enter the IP address of the NTP server. Configure this list according to your requirements, your AWS configuration, and your security rules. | NTP. Communication between the Message Collector and configured NTP server. |
| Custom UDP Rule | UDP | 161 | Specify an IP address for each Data Collector that you will allow to collect SNMP information about this Message Collector. Configure this list according to your requirements, your AWS configuration, and your security rules. | SNMP Agent. Allows SNMP information about the Message Collector to be collected by SL1. |
| Custom UDP Rule | UDP | 162 | Specify a list of IP addresses for all managed devices from which you want to receive SNMP traps. Configure this list according to your requirements, your AWS configuration, and your security rules. | SNMP Traps. Necessary to receive SNMP traps from managed devices. |
| Custom UDP Rule | UDP | 514 | Specify a list of IP addresses for all managed devices from which you want to receive Syslog messages. Configure this list according to your requirements, your AWS configuration, and your security rules. | Syslog messages. Necessary to receive syslog messages from managed devices. |
| Custom TCP Rule | TCP | 7700 | If you will always log in from a single IP address, select My IP. If you will log in to the instance from multiple IP addresses, enter those IP addresses, separated by commas, in this field. Configure this list according to your requirements, your AWS configuration, and your security rules. | ScienceLogic Web Configurator. Configuration Utility from browser session on user workstation. This is necessary to license the appliance. |
| Custom TCP Rule | TCP | 7707 | Specify the IP address of the Database Server that you want to retrieve data from the Message Collector. Configure this list according to your requirements, your AWS configuration, and your security rules. | Data Pull. Allows the Database Server to retrieve data from the Message Collector. |
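
The inbound tables above can be checked against a security group after it is created. The following Python is an added example, not ScienceLogic code: it assumes the rules are supplied in the IpPermissions shape returned by `aws ec2 describe-security-groups`, treats any source larger than 256 addresses as too broad (an assumed threshold, not a ScienceLogic requirement), and runs on constructed sample rules.

```python
import ipaddress

# Inbound (protocol, port) rows per appliance type, transcribed from the tables
# above exactly as the page lists them.
_COLLECTOR = {("tcp", 22), ("tcp", 123), ("udp", 161), ("udp", 162),
              ("udp", 514), ("tcp", 7700), ("tcp", 7707)}
EXPECTED = {
    "All-In-One Appliance": {("tcp", 22), ("tcp", 80), ("tcp", 443), ("tcp", 7700),
                             ("udp", 162), ("udp", 514), ("tcp", 25), ("tcp", 123)},
    "Database Server": {("tcp", 22), ("tcp", 25), ("tcp", 80), ("tcp", 123),
                        ("udp", 161), ("tcp", 443), ("tcp", 7700), ("tcp", 7706),
                        ("tcp", 8008)},
    "Administration Portal": {("tcp", 22), ("tcp", 80), ("tcp", 443), ("tcp", 123),
                              ("tcp", 7700), ("udp", 161)},
    "Data Collector": _COLLECTOR,
    "Message Collector": _COLLECTOR,
}
# Rows the page marks "Required only if you are using the Administration Portal
# on the Database"; their absence is not reported as missing.
OPTIONAL = {"Database Server": {("tcp", 80), ("tcp", 443)}}

BROAD_SOURCE_ADDRESSES = 256  # assumption: flag sources larger than a /24


def sources(perm):
    """Yield each source CIDR of one IpPermissions entry as an ip_network."""
    for rng in perm.get("IpRanges", []):
        yield ipaddress.ip_network(rng["CidrIp"], strict=False)
    for rng in perm.get("Ipv6Ranges", []):
        yield ipaddress.ip_network(rng["CidrIpv6"], strict=False)


def audit(appliance, ip_permissions):
    """Return (kind, rule, detail) findings for one security group's inbound rules."""
    expected = EXPECTED[appliance]
    findings, seen = [], set()
    for perm in ip_permissions:
        proto = perm["IpProtocol"]
        if proto not in ("tcp", "udp"):  # includes "-1", the "All traffic" rule
            findings.append(("unexpected", proto, "protocol is not in the table"))
            continue
        lo, hi = perm["FromPort"], perm["ToPort"]
        rule = f"{proto}/{lo}" if lo == hi else f"{proto}/{lo}-{hi}"
        covered = {(proto, port) for port in range(lo, hi + 1)}
        seen |= covered & expected
        extra = covered - expected
        if extra:
            findings.append(("unexpected", rule, f"{len(extra)} port(s) not in the table"))
        for net in sources(perm):
            if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0
                findings.append(("open-to-world", rule, str(net)))
            elif net.num_addresses > BROAD_SOURCE_ADDRESSES:
                findings.append(("broad-source", rule, str(net)))
    for proto, port in sorted(expected - seen - OPTIONAL.get(appliance, set())):
        findings.append(("missing", f"{proto}/{port}", "no rule covers this row"))
    return findings


# Constructed sample: inbound rules of a hypothetical Data Collector security group.
SAMPLE_DATA_COLLECTOR = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 123, "ToPort": 123,
     "IpRanges": [{"CidrIp": "10.0.0.5/32"}]},
    {"IpProtocol": "udp", "FromPort": 161, "ToPort": 162,
     "IpRanges": [{"CidrIp": "10.0.0.0/24"}]},
    {"IpProtocol": "udp", "FromPort": 514, "ToPort": 514,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    {"IpProtocol": "tcp", "FromPort": 7700, "ToPort": 7700,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "10.0.0.20/32"}]},
]

if __name__ == "__main__":
    for kind, rule, detail in audit("Data Collector", SAMPLE_DATA_COLLECTOR):
        print(f"{kind:14} {rule:12} {detail}")
```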

Additional Configuration Steps

After the instance is successfully launched, perform these additional steps to complete configuration:

  • For instances of the Database Server or All-In-One Appliance:
  • For instances of the Administration Portal:
  • For instances of the Data Collector and Message Collector:

Assigning an EIP to the New Instance

This section assumes you have already received the ScienceLogic AMI and created an EC2 instance based on the ScienceLogic AMI.

AWS can assign a public-facing IP address to your new instance. However, the IP address will change each time the instance is stopped or terminated. If you will be accessing an All-In-One Appliance or an Administration Portal appliance from the internet, ScienceLogic recommends you use an Elastic IP address (EIP).

An EIP is a permanent static address that belongs to an account (not an instance) and can be reused. An EIP address is required only if you want the public IP address to remain constant. When you assign an EIP to an instance, the instance still retains its private IP address in its VPC.

If you use an AWS VPN to access the All-In-One Appliance or Administration Portal appliance, that is, if you can access the appliance only through your corporate network, you do not have to assign an EIP to the All-In-One Appliance or Administration Portal appliance.

NOTE: For more information on Elastic IP, see http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html

NOTE: AWS accounts are limited to five Elastic IP addresses.

To assign an EIP to your new instance:

  1. Go to the EC2 Dashboard.
  2. In the left navigation pane, under the Network & Security heading, click Elastic IPs.
  3. In the Allocate New Address page, click the Allocate New Address button and then click the Yes, Allocate button.
  4. Right-click the new address and select Associate Address from the drop-down menu.
  5. In the Associate Address modal page, select the new SL1 appliance instance in the Instance field, then click the Associate button. The SL1 appliance instance is now associated with the new EIP.

Accessing the Appliance Using SSH

This section assumes you have already received the ScienceLogic AMIs and created an EC2 instance based on the ScienceLogic AMI.

This section assumes that you have access to SSH on the command line (for UNIX users) or have installed PuTTY (for Windows users).

Gathering Information Required for Accessing the Appliance Using SSH

To gather the required information:

  1. Go to the EC2 Dashboard.
  2. In the left navigation pane, under the Instances heading, select Instances.
  3. Click in the row that contains the SL1 appliance instance.
  4. The lower pane contains information about the instance. Write down the Public DNS and Public IP.
  5. If you are using AWS instances to create a distributed SL1 system, perform this step for each AWS instance you want to include in the distributed system.

Configuring SSH

Before you can use SSH with the SL1 appliance instance, you must ensure that SSH can use the .pem file downloaded earlier during the configuration. For details on downloading the .pem file, see the last few steps in the section on Launching the EC2 Instance.

UNIX and LINUX Users

You can connect to your SL1 appliance instance using the SSH command.

NOTE: You should store the .pem file in a secure location. ScienceLogic recommends you store the .pem file in $HOME/.ssh. ScienceLogic also recommends you change the permissions on the .pem file to allow only read-only access by the owner of the .pem file.

To connect using the .pem file generated by AWS, enter the following at the shell prompt:

ssh -i ~/.ssh/my-aws-key.pem em7admin@[hostname or IP address]


where:

  • ~/.ssh/my-aws-key.pem. Replace with the name and full path to your .pem file.
  • hostname or IP address. Replace with the hostname or public-facing IP address of the SL1 appliance instance.

You can also configure your SSH client to automatically select the correct key file when accessing the SL1 appliance instance. For details, see the man page for ssh_config for your flavor of UNIX.

Windows Users

You can connect with your SL1 appliance instance using PuTTY and SSH as the em7admin user. However, you must first convert the private key for your instance into a format that PuTTY can use. See the following for detailed instructions on using PuTTY SSH and converting your private key:

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/putty.html

Web Configuration Tool

Rebooting Data Collectors and Message Collectors

After installing an SL1 appliance as an AWS instance, you must reboot the instance.

To reboot the AWS instance:

  1. Connect to the command-line interface of the appliance as the em7admin user using SSH. See the Accessing the Appliance Using SSH section for more information.
  2. Execute the following command:

sudo reboot